Hello community, here is the log from the commit of package empathy for openSUSE:11.3 checked in at Fri Nov 4 15:02:32 CET 2011. -------- --- old-versions/11.3/UPDATES/all/empathy/empathy.changes 2011-10-28 10:38:20.000000000 +0200 +++ 11.3/empathy/empathy.changes 2011-11-01 05:23:09.000000000 +0100 @@ -1,0 +2,6 @@ +Tue Nov 1 04:09:49 UTC 2011 - sreeves@suse.com + +- Update empathy-cve-2011-3635.patch to use escaped name + everywhere in theme_adium_append_message + +------------------------------------------------------------------- calling whatdependson for 11.3-i586 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ empathy.spec ++++++ --- /var/tmp/diff_new_pack.djzMbx/_old 2011-11-04 15:01:24.000000000 +0100 +++ /var/tmp/diff_new_pack.djzMbx/_new 2011-11-04 15:01:24.000000000 +0100 @@ -21,7 +21,7 @@ Name: empathy Url: http://live.gnome.org/Empathy Version: 2.30.1 -Release: 3.<RELEASE2> +Release: 3.<RELEASE5> # FIXME: 2.29.3 fails a parallel build, but a newer tarball should work since the bug got fixed in gnome-doc-utils License: GPLv2+ Summary: Instant Messenger Client for GNOME, based on Telepathy ++++++ empathy-cve-2011-3635.patch ++++++ --- /var/tmp/diff_new_pack.djzMbx/_old 2011-11-04 15:01:24.000000000 +0100 +++ /var/tmp/diff_new_pack.djzMbx/_new 2011-11-04 15:01:24.000000000 +0100 @@ -11,19 +11,31 @@ const gchar *body; const gchar *name; const gchar *contact_id; -@@ -594,8 +594,10 @@ theme_adium_append_message (EmpathyChatV - } +@@ -464,12 +464,13 @@ theme_adium_append_message (EmpathyChatV + body_escaped = theme_adium_parse_body (body); + name = empathy_contact_get_name (sender); + contact_id = empathy_contact_get_id (sender); ++ name_escaped = g_markup_escape_text (name, -1); + + /* If this is a /me, append an event */ + if (empathy_message_get_tptype (msg) == TP_CHANNEL_TEXT_MESSAGE_TYPE_ACTION) { + gchar *str; + +- str = g_strdup_printf ("%s %s", name, body_escaped); ++ str = g_strdup_printf ("%s %s", name_escaped, body_escaped); + theme_adium_append_event_escaped (view, str); + + g_free (str); +@@ -595,7 +596,7 @@ theme_adium_append_message (EmpathyChatV if (html != NULL) { -+ name_escaped = g_markup_escape_text (name, -1); -+ theme_adium_append_html (theme, func, html, len, body_escaped, - avatar_filename, name, contact_id, + avatar_filename, name_escaped, contact_id, service_name, message_classes->str, timestamp); } else { -@@ -611,6 +613,7 @@ theme_adium_append_message (EmpathyChatV +@@ -611,6 +612,7 @@ theme_adium_append_message (EmpathyChatV priv->last_is_backlog = is_backlog; g_free (body_escaped); continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org